Kubernetes The Hard Way: Manual Cluster Implementation

📖 Project Overview

This repository documents my ongoing work to bootstrap a Kubernetes cluster from scratch on Google Cloud Platform (GCP).

As a Cyber Security student and aspiring SRE, I chose to build this "The Hard Way" (following Kelsey Hightower's methodology) rather than using managed services like GKE or EKS. My goal is to understand the deep internals of cluster orchestration, specifically focusing on the security architecture, PKI implementation, and network hardening.

Current Status: In Progress (Aligns with "DevOps / SRE Infrastructure Setup" on my CV)

🎯 Learning Objectives

By avoiding automated tools like kubeadm, this project forces a hands-on understanding of:

• Infrastructure Provisioning: Manually configuring VPCs, Subnets, and Firewalls on GCP.
• Cluster Security: Bootstrapping a Certificate Authority (CA) and generating TLS certificates for all components (etcd, kube-apiserver, kubelet, etc.).
• High Availability: Setting up a distributed etcd cluster for consistent state management.
• Networking: Implementing the Container Network Interface (CNI) plugin and managing pod routing tables.

🛠️ Tech Stack

• Cloud Provider: Google Cloud Platform (Compute Engine, VPC)
• OS: Ubuntu Server / Linux
• Container Runtime: Containerd
• Networking: CNI, IP tables, DNS
• Security Tools: cfssl, cfssljson (for PKI), RBAC authorization

🔐 Security Highlights

Why this matters for a Security Engineer:

• PKI & TLS: Manually generating the encryption keys and certificates for component-to-component authentication.
• Encryption at Rest: Configuring the encryption of secret data stored in etcd.
• RBAC: Defining strict Role-Based Access Control policies for the Kubelet and API Server.

📂 Project Structure

├── certs/          # PKI infrastructure and TLS certificates
├── configs/        # Kubeconfig files for authentication
├── infrastructure/ # GCP network and compute instance setup scripts
├── docs/           # Documentation and learning notes
└── README.md